
16978 matches found

RedhatCVE
added 2021/08/13 5:50 p.m. · 99 views

CVE-2021-38604

A flaw was found in the GNU C library (glibc), where the sysdeps/unix/sysv/linux/mq_notify.c function mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. The highest threat from this vulnerability is to system availability...

9.8 CVSS · 1.4 AI score · 0.03045 EPSS
Exploits 2 · References 3

NVD
added 2021/08/12 4:15 p.m. · 18 views

CVE-2021-38604

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix...

7.5 CVSS · 0.03045 EPSS
Exploits 1 · References 8

UbuntuCve
added 2021/08/12 4:15 p.m. · 77 views

CVE-2021-38604

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix...

7.5 CVSS · 6.8 AI score · 0.03045 EPSS
Exploits 1 · References 1

Vulnrichment
added 2021/08/12 3:43 p.m. · 4 views

CVE-2021-38604

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix...

8.7 AI score · 0.03045 EPSS
Exploits 1 · References 8

Cvelist
added 2021/08/12 3:43 p.m. · 24 views

CVE-2021-38604

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix...

8.7 AI score · 0.03045 EPSS
Exploits 1 · References 8

Veracode
added 2021/08/12 2:00 p.m. · 43 views

Remote Code Execution (RCE)

GNU is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to an integer overflow that triggers an out-of-bounds heap write...

7.8 CVSS · 8.1 AI score · 0.0415 EPSS
Exploits 1 · References 6 · Affected Software 1

BDU FSTEC
added 2021/08/12 12:00 a.m. · 4 views

An out-of-bounds write vulnerability in the GNU Aspell spell-checking program allows an attacker to execute arbitrary code.

The vulnerability in the GNU Aspell spell checker is an out-of-bounds write. Exploiting this vulnerability allows an attacker to execute arbitrary code...

7.8 CVSS · 7.5 AI score · 0.00549 EPSS
Exploits 0 · References 12 · Affected Software 6

CNNVD
added 2021/08/12 12:00 a.m. · 4 views

GNU C Library code issue vulnerability

The GNU C Library (glibc, libc6) is an open-source, free C language compiler released under the LGPL license. A security vulnerability exists in librt in the GNU C Library (aka glibc) version 2.34 and earlier, which stems from sysdeps/unix/sysv/linux/mq_notify.c incorrectly handling certain...

7.5 CVSS · 6.5 AI score · 0.03045 EPSS
Exploits 1 · References 11

UbuntuCve
added 2021/08/10 5:15 p.m. · 30 views

CVE-2021-32768

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

6.1 CVSS · 5.8 AI score · 0.00727 EPSS
Exploits 0 · References 3

CVE
added 2021/08/10 4:30 p.m. · 82 views

CVE-2021-32768

CVE-2021-32768 is a cross-site scripting vulnerability in TYPO3 where the frontend rendering of rich-text content can reflect malicious input due to HTMLparser not filtering all tag/attribute combinations by default. In typical scenarios, exploitation requires a valid backend user account, but if...

6.1 CVSS · 6 AI score · 0.00727 EPSS
Exploits 0 · References 2 · Affected Software 1

OpenVAS
added 2021/08/09 12:00 a.m. · 16 views

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2021-2295)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS · 8.8 AI score · 0.02898 EPSS
Exploits 1 · References 2

Positive Technologies
added 2021/08/09 12:00 a.m. · 4 views

PT-2021-3819 · Gnu +1 · Glibc +1

Name of the Vulnerable Software and Affected Versions: glibc versions through 2.34
Description: The issue is related to the mishandling of certain NOTIFY_REMOVED data in the sysdeps/unix/sysv/linux/mq_notify.c component of the GNU C Library (glibc), leading to a NULL pointer dereference. This can b...

9.8 CVSS · 6.7 AI score · 0.04729 EPSS
Exploits 4 · References 45

OSV
added 2021/08/08 12:15 a.m. · 1 views

DEBIAN-CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

7.8 CVSS · 7.5 AI score · 0.0415 EPSS
Exploits 1 · References 1

OSV
added 2021/08/08 12:15 a.m. · 3 views

UBUNTU-CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

7.8 CVSS · 7.2 AI score · 0.0415 EPSS
Exploits 1 · References 8

Prion
added 2021/08/08 12:15 a.m. · 30 views

Integer overflow

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

6.8 CVSS · 7.9 AI score · 0.0415 EPSS
Exploits 1 · References 5 · Affected Software 1

UbuntuCve
added 2021/08/08 12:15 a.m. · 33 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

7.8 CVSS · 7.1 AI score · 0.0415 EPSS
Exploits 1 · References 7

CVE
added 2021/08/07 12:00 a.m. · 466 views

CVE-2021-38185

CVE-2021-38185 affects GNU cpio up to version 2.13. The issue is an integer overflow in ds_fgetstr() (dstring.c) that can trigger an out-of-bounds heap write via a crafted pattern file, potentially enabling arbitrary code execution. Public advisories from multiple vendors confirm patched releases...

7.8 CVSS · 8.1 AI score · 0.0415 EPSS
Exploits 1 · References 5 · Affected Software 1

Debian CVE
added 2021/08/07 12:00 a.m. · 49 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

7.8 CVSS · 7.5 AI score · 0.0415 EPSS
Exploits 1

Positive Technologies
added 2021/08/07 12:00 a.m. · 4 views

PT-2021-4457 · Gnu +10 · Gnu Cpio +10

Name of the Vulnerable Software and Affected Versions: GNU cpio versions 2.13 and earlier
Description: The issue is caused by an integer overflow in the dstring.c component of the GNU cpio package, specifically in the ds_fgetstr function. This overflow triggers an out-of-bounds heap write, allowi...

7.8 CVSS · 7.1 AI score · 0.0415 EPSS
Exploits 6 · References 87

Vulnrichment
added 2021/08/07 12:00 a.m. · 5 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

8.2 AI score · 0.0415 EPSS
Exploits 1 · References 5